At the beginning of every August, I reflect on how fast our summer has gone and find it hard to believe that it’s back to school time for so many of our children. While some have already begun their new academic year, others are finishing up (or just starting) their summer reading and math packets. Many parents are rushing to get school supplies and required health forms filled out while others are sending their kids off to college. We know how busy this time of year is, but it’s also a reminder for K-12 administrators and communities to ensure they have identified ways to enhance the cybersecurity that protects students’ and their families’ sensitive information as well as the online platforms that our children rely on every day for their learning. Whether we are educators, administrators, have children in school or are employers who count on having graduates in our workforce, we all rely on our K-12 school systems having strong cybersecurity measures in place.
Schools are a target for cyberattacks because they hold valuable information such as staff and student personal data, but school districts often lack resources to build a comprehensive cybersecurity program. The recent expansion of school networks that was essential to providing remote learning during COVID-19 has left many K-12 schools “target rich, cyber poor.”
With August’s back-to-school theme and yesterday’s White House event, “Back to School Safely: Cybersecurity for K-12 Schools,” the Cybersecurity and Infrastructure Agency (CISA) is working hard to make K-12 administrators and communities aware of the current cybersecurity threat environment facing schools while promoting resources schools can use to help protect against those threats. The recently published K-12 campaign page: Cybersecurity for K-12 Education | CISA centralizes many no to low-cost resources and identifies actions that school districts can take to improve their cybersecurity. It includes our Partnering to Safeguard K-12 Organizations from Cybersecurity Threats report, which identifies cybersecurity risks facing elementary and secondary schools, along with recommendations, cybersecurity guidelines, and a toolkit designed to help schools address these risks. You will also find links to several ransomware resources for K-12.
We’re also working to apply Secure by Design principles to the K-12 sector. Consistent with the National Cybersecurity Strategy’s direction to shift the burden for cybersecurity onto those most capable, we want to ensure that education technology vendors take responsibility for the security outcomes of the customers. To that end, this week we convened education technology manufacturers for a Secure by Design workshop, where we discussed Secure by Design principles and tactics with company leadership and explored what unique challenges exist within the K-12 space. We look forward to further collaboration with these companies to help protect K-12 communities. Additionally, to better enable schools to evaluate products on the basis of security, we published guidance to K-12 organizations to help ensure that products they buy are Secure by Design.
Let’s use August to expand the conversations, build the relationships, and take the next steps in making our K-12 schools more secure. Explore and widely share these resources, using them as building blocks as we work together to effectively cybersecure our K-12 schools.